The ransomware threat in numbers

Over the last year, ransomware has grown in sophistication and diversity.

Ransomware continues to spread quickly and widely across the world, tightening its hold on the data and devices of both individuals and businesses.

Over the last year, ransomware has grown in sophistication and diversity. Kaspersky’s Security Bulletin the evolution of ransomware, including key developments from the last 12 months, including the main trends and discoveries, as well as what measures are being taken to fight back against it.

A business is attacked by ransomware every 40 seconds

Attacks on businesses increased three-fold between January and the end of September, rising from an attack every two minutes to one every 40 seconds. For individuals, the rate of increase went from every 20 seconds to every 10 seconds. Overall, 23.9% of ransomware attacks are targeting corporates, up from 17% at the beginning of 2016.

A quarter of all users were attacked by CTB-Locker ransomware

Cerber and Locky arrived in the early spring; nasty, virulent strains of ransomware that are propagated widely through spam attachments and exploit kits. CryptXXX appeared a little later on, but established itself with the other two as a ‘major player’, targeting individuals and corporates. All three families continue to evolve alongside well-established incumbents such as CTB-Locker, CryptoWall and Shade.

42% of small and medium-sized businesses were hit by ransomware last year

According to Kaspersky Lab research, in 2016, one in five businesses worldwide suffered an IT security incident as a result of a ransomware attack. As a result, small and medium-sized businesses are increasingly struggling with ransomware attacks, with 42% of them being hit by ransomware in the last 12 months. Of those affected, 32% paid the ransom, but one in five never got their files back, even after paying.

The number of new ransomware modifications has increased by eleven-fold

62 new ransomware families appeared in 2016, bringing with them a vast increase in the number of new ransomware modifications: 32,091 in Q3 from 2,900 in Q1, an increase of 11-fold. Locky ransomware, a new addition last spring, has so far been spread across 114 countries.

One in five IT and education businesses was affected by ransomware

Social engineering and human error remain key factors in corporate vulnerability. One in five cases involving significant data loss came about through employee carelessness or lack of awareness. Some industry sectors, including education and IT/telecoms are harder hit than others, but the research shows that all industries are at risk; there’s no such thing as a low-risk sector anymore.